Posts tagged “Windows 8”

The security researcher who yesterday was awarded $100,000 by Microsoft spent about two weeks pondering, then demonstrating a new way to circumvent Windows’ defensive technologies.

In an interview today, James Forshaw, the head of vulnerability research at U.K.-based Context Information Security, described in the most general terms the work that resulted in the big bounty.

"When Microsoft announced the initial bounties, I first thought about the mitigations I wanted to go over." said Forshaw. "Windows has a lot of mitigating in place, so I started to brainstorm. I asked myself, ‘How would I do it [if I was a cyber criminal]?’"

From start to finish — from those brainstorming sessions to an exploit that proved his mitigation bypass approach worked — Forshaw said he spent about half a month on the project. "From my initial thought to a full working proof of concept was about two weeks," he said.

Forshaw stressed that the two weeks of solid work were atop the years he’s spent in information security, hammering home the point that winning submissions, whether for a bonus program like Microsoft’s or those that browser makers and other vendors run to collect details on specific vulnerabilities, almost always goes to very experienced, long-time researchers.

"This is not something that anyone’s done before, but then again, nothing is completely revolutionary," said Forshaw.

Microsoft echoed that yesterday. In a Tuesday blog post, Katie Moussouris, a senior security strategist with the Microsoft Security Response Center (MSRC), and the manager of the bounty programs, said that a Microsoft engineer had independently found a variant of the attack technique class that Forshaw reported.

"But James’ submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty," wrote Moussouris.

Suitable for implementation in both embedded devices and "external" applications, this is handwriting-based text input to automatically convert text in third-party applications on Windows-based devices.

Support for seven new languages brings the total count of supported languages to 11, including English (US, UK, US Medical), Danish, Dutch, Finnish, French, German, Italian, Norwegian, Portuguese (Brazil, Portugal), Spanish, and Swedish.

PhatWare has worked on improved recognition quality of individual letters and words in print and cursive modes. The company has also updated sample code that demonstrates how to call native WritePad API from .NET and Windows Store applications. It recognizes dictionary words from its main or user-defined dictionary, as well as non-dictionary words, such as names, numbers, and mixed alphanumeric combinations.

It also provides automatic segmentation of handwritten text into words and automatically differentiates between vocabulary and non-vocabulary words, and between words and arbitrary alphanumeric strings.

According to PhatWare, "WritePad SDK includes handwriting recognition engine static libraries and dictionaries for all supported languages, API header files, documentation, and sample code in C++ and C# allowing easy integration with new or existing Windows applications or devices. WritePad SDK evaluation is free, while commercial redistribution is royalty-based."

It’s hardly a secret that the computer-buying public hasn’t fallen head over heels for the Windows 8 start screen. In fact, a whole cottage industry has sprung up around returning Windows to its version-7 glory. The latest rumors indicate that Microsoft may be moving to squash these apps, by enabling 8.1 to boot directly to the desktop and reinstating the start button. Code recently dug up in a DLL, buried within the bowels of a leaked version of Windows Blue strongly suggests that this relatively minor revision of the desktop and tablet OS could offer users a way to skip the live tiles and go right to the familiar UI of Windows past. An entry for “CanSuppressStartScreen” was found by quite a few different forum users in the TwinUI.dll file. Unfortunately, we were unable to confirm this ourselves. While there’s no hard evidence for a return of the start button just yet, the reliable Mary Jo Foley has heard from at least one source that Redmond is considering bringing the little logo orb back. Of course, nothing is certain yet. There’s no guarantee that either feature will actually make it into the final version of Windows 8.1, but we’re sure at least a few of you have your fingers crossed.

A tease of the upcoming update to Windows 8 has leaked online, with a number of leaked screenshots showing off some of the cosmetic and under-the-hood changes Microsoft has in store for its "Windows Blue" update.

First up, Microsoft appears to be expanding the allowable size of tiles that one can place on Windows 8’s Start Screen – permitting tiles that are one-fourth the size of a typical tile (i.e. envision splitting one normal-sized tile into four tinier titles), as well as titles that are up to four times as big.

Microsoft’s also throwing in some additional customization options into the mix, adding what appears to be a Charms Bar menu for Start Screen called "Personalize" that allows a user to swap out one’s background, edit background colors, and edit accent colors directly from the operating system’s sidebar.

The ability to more easily mess with Windows 8’s settings without having to jump through all sorts of hoops and menu options seems to be a common theme within Windows Blue. For Microsoft’s also apparently adding in a few extra settings within the Start Screen-based "PC settings" section – presumabyl to keep users, especially those on tablets, from having to jump into a Desktop Mode-driven settings panel.

A new option for SkyDrive configuration joins a breakout menu for editing one’s Lock screen, a new section for Network and Apps-related settings, and a separate "Update & Recovery" menu presumably for editing Windows’ auto-update settings (and disaster management). Additionally, a new "Screen" menu will give Windows 8 users the ability to edit related power-saving features, in addition to tweaking other display settings and flipping their devices’ touch feedback on and off.

Perhaps one of the more noticeable additions to Windows 8 will come in the form of stronger split-screen treatment for Windows 8 apps. Users will now be able to divide their screens in half and run two apps at a time that take up equal portions of one’s display real estate. And for those slightly crazier, you’ll even be able to split your screen into a setup that allows four apps to run concurrently – a quad, perhaps?

If you’d like to check out all the update goodies for yourself, a leaked version of a Windows Blue partner build is making its way on various file-sharing sites (that we’re not going to specifically list). However, a more legitimate copy of the update is likely to come in the form of a Microsoft-sanctioned public preview released at some point in the next few months – as specific a deadline as we’ve been able to glean so far. Windows Blue is expected to officially launch at some point later this year.

Setup

Download and install the Windows 8 Twitter app from the Windows Store. The first time you launch the app, you’ll need to log in with your Twitter username and password to authorize the app. The second time you launch the app, you may be prompted to allow Twitter to run the in background. If you want show quick status notifications on the lock screen, you should allow it to run in the background. You can always go back to PC settings and change it later if you change your mind.

Using Twitter for Windows 8

After authorization, you’ll see the familiar timeline as well as the navigation tabs on the left side of the app: Home, Connect, Discover, and Me. In the upper right-hand corner, you’ll also notice the Compose and Search icons. If you’re already familiar with Twitter, using the app to compose, reply, retweet, and favorite should be pretty self-explanatory.

Click to enlarge.

(Credit: Screenshot by Ed Rhee/CNET)

Photo grid: A unique feature of the Twitter app in Windows 8 is the photo grid in profiles. When viewing a Twitter user’s profile, you can swipe photos or scroll horizontally and see them all in a grid. When you select a photo, it will display in full-screen.

Click to enlarge.

(Credit: Screenshot by Ed Rhee/CNET)

Search and Share charms: Another distinct feature of the Windows 8 Twitter app is the Search and Share charms. From any app in Windows 8, you can search Twitter for hash tags or accounts using the Search charm. And with the Share charm, you can quickly share content from any app to Twitter. To access the Charms, just swipe in from the right edge of the screen or move the mouse to the lower right-hand corner. You can also use the keyboard shortcut, Win+Q for Search and Win+H for Share.

Click to enlarge.

(Credit: Screenshot by Ed Rhee/CNET)

Snap view: One of the cooler features of Twitter for Windows 8 is the ability to snap the app to the side of the screen. This lets you view your timeline while using another app. To snap two apps side by side, bring in the second app from the left edge with your finger or the upper left-hand corner with your mouse. You can also use the keyboard shortcut, Win+. to toggle snapping the current app to the left, right, or back to full-screen.

Click to enlarge.

(Credit: Screenshot by Ed Rhee/CNET)

Settings: If you want to change notifications, log out of the Twitter app, clear search history, or modify display settings, swipe in from the right edge then go to Settings > Options, or use the keyboard shortcut, Win+I and select Options. From Settings, you can also choose Permissions to change privacy settings, toggle notifications, and to allow or disallow the app to run in the background.

That’s it. The Twitter app for Windows 8 is great for Windows 8 tablet and hybrid users, but desktop users might be able to benefit from it as well. When used with StarDock’s ModernMix, it’ll run in its own window, making it function like a desktop client.

From Microsoft Developer Tools Blog

Starting tomorrow, we are updating Internet Explorer 10 in Windows 8 and Windows RT to enable Flash content to run by default. On Windows 8, all Flash content continues to be enabled for IE on the desktop.

As we have seen through testing over the past several months, the vast majority of sites with Flash content are now compatible with the Windows experience for touch, performance, and battery life. With this update, the curated Compatibility View (CV) list blocks Flash content in the small number of sites that are still incompatible with the Windows experience for touch or that depend on other plug-ins.

We believe having more sites “just work” in IE10 improves the experience for consumers, businesses, and developers. As a practical matter, the primary device you walk around with should give you access to all the Web content on the sites you rely on. Otherwise, the device is just a companion to a PC. Because some popular Web sites require Adobe Flash and do not offer HTML5 alternatives, Adobe and Microsoft continue to work together closely to deliver a Flash Player optimized for the Windows experience.

Windows 8Windows RT

Immersive IEEnabled unless on CV list Enabled unless on CV list

Desktop IEEnabled for all sites Enabled unless on CV list

This updates the immersive IE experience on Windows 8, and both the immersive and desktop IE experiences on Windows RT. The update will be made available to customers with Windows Update. The curated CV list applies to IE on the desktop for Windows RT since the most common reason to block Flash is that the site relies on other plug-ins that are not available on Windows RT.